Application Security This Week for April 28

Another Weblogic deserialization bug.

https://securityaffairs.co/wordpress/84450/breaking-news/oracle-weblogic-zeroday.html

I have a PR in for Nikto for it

https://github.com/sullo/nikto/pull/607

 

A reminder that application security is more than SQL Injection: good analysis of the bugs that caused the 737 Max wrecks. I had to drop it in Pastebin because IEEE put it behind the paywall.

https://pastebin.com/QEiKvvMM

 

Using Git dotfiles to bypass authentication.

https://blog.assetnote.io/bug-bounty/2019/04/23/getting-access-zendesk-gcp/

 

ZDNet, of all places, has a really good, plain language explainer of credential stuffing.

https://www.zdnet.com/article/an-inside-look-at-how-credential-stuffing-operations-work/

 

Little more on the dev side - 10 articles reviewed about using Python in machine learning.

https://hackernoon.com/10-great-articles-on-python-development-6f54dd38437f

 

And that 's the news!  I'll be on vacation next week, so see you on the 12th.

 

 

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList